Logistics firm UPS said on Wednesday that customer credit and debit card data may have been stolen from 51 of its UPS Stores across the United States. The company found malware capable of recording card information and sending it to a third party on cash register systems in one percent of its 4,470 UPS Store locations — 51 stores in 24 states. UPS started to investigate a possible breach on July 31st, after the Homeland Security Department released a report warning that hackers would use nefarious software to target remote access systems designed to allow employees to access corporate networks from afar.
Malware was found in 51 UPS Stores
UPS is the latest in a long list of companies targeted by hackers trying to steal customer payment information by introducing malware to in-store payment systems. In June, chain restaurant P.F. Chang's revealed hackers had surreptitiously introduced similar software to point of sale systems in 33 of its locations. The malware was able to run undetected for eight months. Other affected companies have included Neiman Marcus, Sally's Beauty Supply, and Target, which had around 40 million credit cards stolen over the Thanksgiving holiday. The New York Times reports that the same group of criminals, based in eastern Europe, is believed to be behind both the UPS hack and earlier attacks.
Tim Davis, president of The UPS Store, issued a statement in which he apologized for "any anxiety" the hack may have caused customers. "As soon as we became aware of the potential malware intrusion," Davis said, "we deployed extensive resources to quickly address and eliminate this issue." The company says it will offer a year of free identity protection and credit monitoring services to anyone who used a card at one of the hacked stores.